Form::open() should add hidden field with csrf token if csrf_autoload = true #1171

Closed
keevitaja opened this issue Oct 17, 2012 · 5 comments

Comments

@keevitaja

At the moment csrf_autoload in the main config.php seems to be useless, because you have to add the csrf token to the view manually.

@WanWizard
Member

That doesn't really help much, as this config key does autoload, not autovalidate.

@RamyTalal

@WanWizard An auto-validate option would be a great addition.

@WanWizard
Member

That would cause an exception where you won't be able to catch it (other than perhaps in your index.php), I'm not sure that is desirable.

@WanWizard
Member

Auto validation has been fixed in 1.6/develop, and will now throw a SecurityException if the token is missing or doesn't validate. You'll have to catch this in your index.php if you want to handle it gracefully.

Note that this requires that ALL your POST requests contain the token, both form and json posts!
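
A minimal model of the behaviour described in the comment above, as an added example in plain PHP that is not FuelPHP's code and not part of the original thread: validation runs before any controller, so only the front controller can catch the exception, and a JSON POST without the token is rejected just like a form POST. The field name `csrf_token`, reading the token from the JSON body, the helper names and the 400 response are assumptions; `SecurityException` is redefined locally as a stand-in so the file runs on its own.

```php
<?php
// Stand-in for the framework's exception class (assumption: local definition).
class SecurityException extends Exception {}

const TOKEN_KEY = 'csrf_token'; // hypothetical field name

// Runs during bootstrap, before any controller: every POST must carry the token.
function auto_validate(array $req, string $expected): void
{
    if (strtoupper($req['method']) !== 'POST') {
        return; // only state-changing POSTs are checked in this model
    }
    $submitted = $req['form'][TOKEN_KEY] ?? null;
    // JSON posts have no form fields, so look in the decoded body instead.
    if ($submitted === null && stripos($req['type'], 'application/json') === 0) {
        $json = json_decode($req['body'], true);
        $submitted = is_array($json) ? ($json[TOKEN_KEY] ?? null) : null;
    }
    // hash_equals() compares in constant time.
    if (!is_string($submitted) || !hash_equals($expected, $submitted)) {
        throw new SecurityException('CSRF token missing or invalid');
    }
}

// Plays the role of index.php: the only place the exception can be caught.
function front_controller(array $req, string $expected): int
{
    try {
        auto_validate($req, $expected);
        return 200; // the controller would be dispatched here
    } catch (SecurityException $e) {
        return 400; // reject the request; log $e->getMessage() for monitoring
    }
}

$token = bin2hex(random_bytes(16)); // constructed session token
$form  = 'application/x-www-form-urlencoded';
$json  = 'application/json';

// Constructed sample requests.
$requests = [
    'GET, no token'       => ['method' => 'GET',  'type' => '',    'form' => [], 'body' => ''],
    'form POST, token'    => ['method' => 'POST', 'type' => $form, 'form' => [TOKEN_KEY => $token], 'body' => ''],
    'form POST, no token' => ['method' => 'POST', 'type' => $form, 'form' => ['name' => 'x'], 'body' => ''],
    'JSON POST, token'    => ['method' => 'POST', 'type' => $json, 'form' => [], 'body' => json_encode([TOKEN_KEY => $token])],
    'JSON POST, no token' => ['method' => 'POST', 'type' => $json, 'form' => [], 'body' => json_encode(['name' => 'x'])],
];
foreach ($requests as $label => $req) {
    printf("%-20s -> %d\n", $label, front_controller($req, $token));
}
```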

@WanWizard
Member

Continue here: fuel/fieldset#6
